Invicti detected that the Spring Boot web application is configured with Admin MBean enabled. Spring Boot allows developers to enable admin-related features for the application by specifying the spring.application.admin.enabled property.

Depending on the configuration of the MBean, it might be possible for a remote attacker to manage the application remotely, including shutting it down without any authentication.

In production websites it's recommended to disable the Admin MBean using the following configuration (in the Spring properties file):

spring.application.admin.enabled=false